extSTS中的Sharepoint online令牌为空
我试图通过webpart在sharepoint中获取令牌,但它返回空值,我执行了下面的代码extSTS中的Sharepoint online令牌为空,sharepoint,token,Sharepoint,Token,我试图通过webpart在sharepoint中获取令牌,但它返回空值,我执行了下面的代码 /** * Metodo que gerará o token */ getTokenSharepoint() { var username=""; var password=""; var siteCollUrl="https://bbtecno.sharepoint.com"; var loginUrl = "https://bbtecno.sharepoint.com/_forms/defaul
/**
* Metodo que gerará o token
*/
getTokenSharepoint() {
var username="";
var password="";
var siteCollUrl="https://bbtecno.sharepoint.com";
var loginUrl = "https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0";
var token;
var digest;
var requestBody='<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'
+'<s:Header>'
+' <a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>'
+' <a:ReplyTo>'
+' <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>'
+' </a:ReplyTo>'
+' <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>'
+' <o:Security s:mustUnderstand="1"'
+' xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd">'
+' <o:UsernameToken>'
+' <o:Username>'+username+'</o:Username>'
+' <o:Password>'+password+'</o:Password>'
+' </o:UsernameToken>'
+' </o:Security>'
+' </s:Header>'
+' <s:Body>'
+' <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
+' <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">'
+' <a:EndpointReference>'
+' <a:Address>'+siteCollUrl+'</a:Address>'
+' </a:EndpointReference>'
+' </wsp:AppliesTo>'
+' <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>'
+' <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>'
+' <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>'
+' </t:RequestSecurityToken>'
+' </s:Body>'
+'</s:Envelope>';
const itemHeader: any = {
'Accept': 'text/html,application/soap+xml;odata=nometadata',
'Content-type': 'application/xml;odata=verbose',
'odata-version': '3.0',
"X-HTTP-Method": "POST",
"Access-Control-Allow-Origin": "*"
};
const spHttpClientOptions: ISPHttpClientOptions = {
"body": requestBody,
"method": 'POST',
"mode": 'cors'
};
alert('estou aqui 1');
this.context.httpClient.post("https://login.microsoftonline.com/extSTS.srf" ,
SPHttpClient.configurations.v1, spHttpClientOptions)
.then(data => {
var result: any[];
if(data.status == 200)
{
alert("teste" + JSON.stringify(data.text()));
return data.text(); //returning the XML text of the response
}
else
{
return "";
}
});
}
/**
*梅托多·克格拉罗代币
*/
getTokenSharepoint(){
var username=“”;
var password=“”;
var siteCollerl=”https://bbtecno.sharepoint.com";
变量loginUrl=”https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0";
var代币;
var摘要;
var requestBody=''
+''
+' http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue'
+' '
+' http://www.w3.org/2005/08/addressing/anonymous'
+' '
+' https://login.microsoftonline.com/extSTS.srf'
+' '
+' '
+''+用户名+''
+''+密码+''
+' '
+' '
+' '
+' '
+' '
+' '
+' '
+“+siteCollRL+”
+' '
+' '
+' http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey'
+' http://schemas.xmlsoap.org/ws/2005/02/trust/Issue'
+'urn:oasis:names:tc:SAML:1.0:assertion'
+' '
+' '
+'';
const itemHeader:any={
“接受”:“text/html,application/soap+xml;odata=nometadata”,
“内容类型”:“应用程序/xml;odata=verbose”,
“odata版本”:“3.0”,
“X-HTTP-Method”:“POST”,
“访问控制允许来源”:“*”
};
常量spHttpClientOptions:ISPHttpClientOptions={
“主体”:请求主体,
“方法”:“POST”,
“模式”:“cors”
};
警报(“estou aqui 1”);
this.context.httpClient.post(“https://login.microsoftonline.com/extSTS.srf" ,
SPHttpClient.configurations.v1,sphttpclientations)
。然后(数据=>{
var结果:任何[];
如果(data.status==200)
{
警报(“teste”+JSON.stringify(data.text());
return data.text();//返回响应的XML文本
}
其他的
{
返回“”;
}
});
}
你能帮我吗
跨源读取阻塞(CORB)是一种算法,它可以在web浏览器中可疑的跨源资源负载到达web页面之前识别并阻塞这些负载。CORB使敏感数据远离跨源网页,从而降低了泄漏敏感数据的风险。在大多数浏览器中,它将这些数据排除在不受信任的脚本执行上下文之外。在具有站点隔离功能的浏览器中,它可以将此类数据完全排除在不受信任的渲染器进程之外,甚至有助于抵御Spectre等侧通道攻击
谢谢我尝试使用jquery,但没有成功,因为这是生成CORS的问题 $.ajax({ “url”:“, 数据类型:“文本”, 键入:“POST”
'data': '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap- envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:40c1407d-b2a4-4e05-8248-8a92b71102b6</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:UsernameToken u:Id="uuid-69882db9-2d6b-45d3-b016-c2156cb6c01d-1"><o:Username>' + username + '</o:Username><o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' + password + '</o:Password></o:UsernameToken></o:Security></s:Header><s:Body><t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><a:EndpointReference><a:Address>https://bbtecno.sharepoint.com/_forms/default.aspx?wa=wsignin1.0</a:Address></a:EndpointReference></wsp:AppliesTo><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType></t:RequestSecurityToken></s:Body></s:Envelope>',
headers: {
'Accept': 'text/html,application/soap+xml;odata=nometadata',
"Access-Control-Allow-Origin":"*" },
success: function (result) {
var xmlDoc = $.parseXML(result);
var xml = $(xmlDoc);
var binToken = xml.find("wsse\\:BinarySecurityToken").text();
alert(binToken);
//CallSPOnline(binToken, tenantName);
}
});
“数据”:来自源“”的“”已被CORS策略阻止:飞行前响应中的访问控制允许标头不允许访问控制允许源
谢谢